Excellent post. Should be sticky IMO.
One thing I would emphasize is that you should never even type a password on a public/insecure terminal. This includes terminals at the library, computers you don't need to log in to at work, etc. Even if you do have a password-protected login at work, you're putting your trust in the administrators of the network, and nobody's infallible. But if you're on somebody else's network, consider anything you do to be public knowledge. Even clearing internet settings won't save you from keyloggers, packet sniffers, man-in-the-middle attacks, etc.
Also l337 sp34k in a password IS NOT as secure as you may think it is. An in-depth dictionary attack can find the words "CaT", "c@t", "C/\t", "(A7", etc. all just as easily as "cat". Sure, it includes numbers, which, in theory, increases the complexity of your password, but it doesn't really make it much more secure. Consider this--this sham of a language was engendered by script kiddies. Of course black-hat hackers would think to compensate for it.
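The point about substitutions, shown as an added example that is not part of the original post: a password-acceptance check that undoes common leet substitutions before comparing against a wordlist, so "c@t" is rejected exactly like "cat". The substitution table, the sample wordlist and the function names are assumptions constructed for illustration.

```python
from itertools import product

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"cat", "password", "letmein", "elite"}

# Common substitutions (assumed table, not exhaustive). Each token maps to
# the letters it may stand for; multi-character tokens are matched first.
LEET = {
    "/\\": "a", "@": "a", "4": "a", "(": "c", "3": "e", "1": "il",
    "!": "i", "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
}
TOKENS = sorted(LEET, key=len, reverse=True)


def decodings(password, limit=1024):
    """Return the plain-letter readings of a password, capped at `limit`."""
    text = password.lower()
    choices = []  # one string of candidate letters per position
    i = 0
    while i < len(text):
        for tok in TOKENS:
            if text.startswith(tok, i):
                choices.append(LEET[tok])
                i += len(tok)
                break
        else:
            choices.append(text[i])  # not a known substitution, keep as-is
            i += 1
    out = set()
    for combo in product(*choices):
        out.add("".join(combo))
        if len(out) >= limit:  # bound the work on long ambiguous inputs
            break
    return out


def is_dictionary_word(password):
    """True if any reading of the password is in the wordlist."""
    return not decodings(password).isdisjoint(WORDLIST)
```

A signup or password-change handler would call `is_dictionary_word()` and refuse the password when it returns `True`, regardless of how many digits or symbols the raw string contains.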